The Five Eyes intelligence alliance is warning business and political leaders that frontier AI models could soon alter the cyber threat landscape. In a rare joint statement, signals intelligence agencies from Australia, the US, the UK, New Zealand, and Canada urged leaders to "act now" as advanced AI changes both attack and defense.
A warning measured in months
The central point of the warning is timing. The agencies said the shift is expected far sooner than many organizations may assume: "The timeline is not years, it is months."
According to the statement, frontier AI models are expected to exceed current industry expectations and fundamentally transform both offensive and defensive cyber capabilities. That means the same class of systems could affect how attackers operate and how defenders respond.
The warning, reported by the Guardian, frames the issue as an urgent governance problem. The agencies are not describing a distant technical trend. They are telling leaders in business and politics that the window to prepare is short.
Why AI changes the cyber equation
The agencies say AI lowers the barriers for bad actors. In plain terms, tools that make complex work faster or easier can also make cyber attacks faster and more accessible.
The statement also says AI increases the speed and complexity of attacks. That matters because many organizations already struggle to keep pace with existing cyber threats. If attacks become faster and more complicated, slow decision-making and unclear ownership become bigger liabilities.
The warning does not treat AI as only an offensive problem. It also says frontier AI will transform defensive cyber capabilities. That creates a race between attackers using AI to move faster and defenders using AI to detect, respond, and adapt.
For leaders, the implication is straightforward: cyber security planning cannot be limited to technical teams. If AI changes the pace and shape of attacks, then budget, accountability, governance, and crisis decisions become part of the same problem.
Cyber risk becomes a board-level issue
The agencies stress that cyber risk can "no longer be treated as a purely technical issue." They describe it instead as a "core business risk and leadership responsibility."
That language is important. It shifts the focus from tools alone to responsibility. A purely technical framing can leave cyber security isolated inside specialist teams. A business-risk framing asks whether leadership understands the exposure, accepts the tradeoffs, and has a plan for what happens when systems are attacked.
For companies and public institutions, the warning points to several practical questions:
- Who owns AI-related cyber risk at the leadership level?
- Are defensive cyber plans built for faster and more complex attacks?
- Can decision-makers respond quickly when technical teams escalate a serious threat?
- Are business leaders treating frontier AI as a near-term risk rather than a future research topic?
The source does not provide a detailed checklist, but the message is clear enough: waiting for the technology to mature before acting may leave organizations behind the threat curve.
The Anthropic context
The joint statement comes shortly after the Trump administration's decision, acting on the advice of national security authorities, to block "foreign nationals" from accessing Anthropic's AI models Fable 5 and Mythos 5.
The source also states that US intelligence agencies had early access to the models, and that Anthropic employees are working together with the NSA.
Those details show how closely frontier AI and national security are being linked in current policy decisions. Access to powerful AI models is not being treated only as a commercial question. It is also being handled as a security concern.
What leaders should take from the warning
The Five Eyes statement does not say that every organization faces the same level of exposure. It does, however, argue that the general risk environment is changing quickly.
For business leaders, the useful takeaway is not panic. It is ownership. If frontier AI can reshape offensive cyber operations within months, leaders need to understand how their organizations make cyber decisions, how quickly they can act, and whether cyber risk is visible at the right level.
For political leaders, the warning is broader. The agencies are saying that governments and businesses may face AI-enabled cyber capabilities that exceed current expectations. That makes preparation a matter of policy, national security, and institutional resilience.
The clearest sentence in the warning remains the simplest one: "act now." The agencies are telling leaders that frontier AI is moving cyber risk from the server room to the executive agenda.